Inside Visa's Data Center

Shedding its history of secrecy, Visa has pulled the curtain back on its data center operations, revealing the network capabilities that enable it to process more than 80 billion transactions a year.

In a recent interview at Visa's Foster City, Calif., headquarters, CTO Matt Quinlan said Visa wants the world to know that its network--which can route a transaction through multiple external networks around the world and back in just 1.4 seconds--is primed to accommodate new services and additional external networks with nary an effect on its core function of authorizing, clearing and settling purchases.

Today, nearly 15,000 banks, processors and other third parties connect to Visa's network to take advantage of an array of services. In addition to its well-known transaction processing services, Visa's network also runs many information services such as business intelligence and report generation, as well as risk management services such as fraud monitoring and encryption. (Every transaction is checked against 100 fraud-detection parameters in real time.)

One of the keys to the network's performance, Quinlan says, is capacity. And Visa has lots of it. Its two data centers--which are mirror images of each other and can operate interchangeably--are configured to process as many as 30,000 simultaneous transactions, or nearly three times as much as they've ever been asked to handle.

The company's flagship data center, dubbed Operations Center East, or OCE, is a 140,000-square-foot facility that Visa will only say is located "somewhere along the Eastern seaboard." It consists of seven independent physical pods that are linked by a corridor as long as three football fields, and which are filled with the latest hardware from IBM, Cisco, EMC, Hitachi and the like. Two of the pods run the company's powerful VisaNet payment-authorization system, three more act as backups and run Visa's internal systems, and the last two are shells awaiting an expansion of services and data requirements.

Inside the pods, 376 servers, 277 switches, 85 routers and 42 firewalls--all connected by 3,000 miles of cable--hum around the clock, enabling transactions around the globe in near real-time and keeping Visa's business running.

The facility's sophistication also extends to its energy management, business continuity and security features.

OCE is a LEED-certified building that features a white roof to reflect the sun's heat. It was built entirely of locally sourced materials, and is designed to have ambient temperatures low enough to sufficiently cool the hardware inside. In case of outages or other emergencies, OCE can generate enough diesel power to keep the facility running for nine days, and an on-site well feeds a 1.5 million gallon water storage tank to meet emergency cooling needs. Four heavy-duty conduits route electricity into the facility, ensuring that the network will run without issue even if one of the conduits is compromised.

High Security And High Performance

Not surprisingly, the facility, which is also designed to withstand earthquakes and gale-force winds up to 170 miles per hour, is locked down like a digital Fort Knox. The roads entering the complex have hydraulic bollards that can shoot up fast enough to stop a vehicle traveling up to 50 miles per hour dead in its tracks. (The road is too curvy to drive safely at higher speeds.) Visitors must pass through a security gate, be cleared by roving security teams, and then be subjected to a biometric scan before being admitted.

And even if OCE was rendered inoperative, Visa's second data center, which resides in an undisclosed Midwestern location, serves in part as an insurance policy. Despite being just half the size, the facility--called Operations Center Central, or OCC--is home to a mirrored instance of VisaNet and is capable of running Visa's entire network if needed. The 70,000-square-foot building also has enough on-site diesel power to keep things running for a week.

Still, as impressive as all of the security and business continuity measures are, it's the network performance it enables that sets Visa's data center operation apart. Quinlan says the network can take on whatever innovative new services the various communities it serves can come up with, such as new tools for processing mobile payments, offering point-of-sale discounts, or accepting payments for digital goods within video games.

For instance, just a few months ago, Visa itself launched a mobile payment service based on technology it acquired in its 2011 purchase of Fundamo. The service, which enables millions of unbanked consumers in developing economies to pay for goods using the SMS function of their mobile phones, barely caused a ripple in Visa's network performance.

The network seems to have no end to its ability to accommodate more data and services. In fact, Quinlan says, data travels no further than the length of a thumb before the network starts craving something else to process.

Social engineering, ransomware, and other sophisticated exploits are leading to new IT security compromises every day. Dark Reading's 2016 Strategic Security Survey polled 300 IT and security professionals to get information on breach incidents, the fallout they caused, and how recent events are shaping preparations for inevitable attacks in the coming year. Download this report to get a look at data from the survey and to find out what a breach might mean for your organization.